Zero Day Initiative Advisory 11-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Handheld Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Access Point process (ZfHIPCnd.exe), which listens by default on TCP port 2400. The problem occurs because the application copies arbitrarily sized data from a packet into a statically sized buffer. Because the application does not account for the variable-sized data when initializing this buffer, a buffer overflow occurs. This can lead to code execution under the context of the application.
Secunia Security Advisory - Red Hat has issued an update for webkitgtk. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain access restrictions, conduct spoofing attacks, cause a DoS (Denial of Service), potentially disclose sensitive information, and potentially compromise a user's system.
Ubuntu Security Notice 1051-1 - Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code.
Secunia Security Advisory - A vulnerability has been discovered in MuPDF, which potentially can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been discovered in SumatraPDF, which potentially can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in the Media [DAM] extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in RSA Data Protection Manager, which can be exploited by malicious users to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability with unknown impact has been reported in Mosets Tree component for Joomla!.
Secunia Security Advisory - A vulnerability has been discovered in the Audio plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been discovered in the BezahlCode-Generator plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been discovered in RSS Feed Reader for WordPress plugin, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been discovered in Look 'n' Stop Firewall, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in the FCChat Widget plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct HTTP response splitting attacks, cross-site request forgery attacks, and bypass certain security restrictions. 1) An unspecified error related to insufficiently random numbers can be exploited to gain access to a user's account.
Secunia Security Advisory - Dmitry Chastuhin has reported multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in Progress OpenEdge, which can be exploited by malicious people to bypass certain security restrictions.
Zero Day Initiative Advisory 11-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a REQUEST-STATUS variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
OpenVAS Manager is vulnerable to command injection due to insufficient validation of user-supplied data when processing OMP requests. This vulnerability allows privilege escalation within the OpenVAS Manager, but more complex injection may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.
HP Security Bulletin HPSBMA02624 SSRT100195 2 - A potential vulnerability has been identified with HP LoadRunner and HP Performance Center. The vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.
Syslog-NG versions 2.0, 3.0, 3.1, 3.2 OSE and PE suffer from information leak, access prevention and possible privilege escalation vulnerabilities.
Insecure practices were found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct an HTML page containing calls to insecure functions.
Progress OpenEdge Enterprise RDBMS version 10.2A has some vulnerabilities that make it possible to enumerate UserID and bypass authentication.
Pligg CMS version 1.1.3 suffers from a path disclosure vulnerability.
The author of this file claims that naming a directory with a .asp extension on IIS 6 will cause all files inside of it to be executed as such.